CVE-2020-23447
- EPSS 0.24%
- Veröffentlicht 26.01.2021 18:15:42
- Zuletzt bearbeitet 21.11.2024 05:13:48
newbee-mall 1.0 is affected by cross-site scripting in shop-cart/settle. Users only need to write xss payload in their address information when buying goods, which is triggered when viewing the "View Recipient Information" of this order in "Order Man...
CVE-2020-23448
- EPSS 0.4%
- Veröffentlicht 26.01.2021 18:15:42
- Zuletzt bearbeitet 21.11.2024 05:13:48
newbee-mall all versions are affected by incorrect access control to remotely gain privileges through AdminLoginInterceptor.java. The authentication logic of the system's background /admin is in code AdminLoginInterceptor, which can be bypassed.
CVE-2020-23449
- EPSS 0.21%
- Veröffentlicht 26.01.2021 18:15:42
- Zuletzt bearbeitet 21.11.2024 05:13:48
newbee-mall all versions are affected by incorrect access control to remotely gain privileges through NewBeeMallIndexConfigServiceImpl.java. Unauthorized changes can be made to any user information through the userID.
CVE-2019-19113
- EPSS 0.64%
- Veröffentlicht 18.11.2019 17:15:11
- Zuletzt bearbeitet 21.11.2024 04:34:13
main/resources/mapper/NewBeeMallGoodsMapper.xml in newbee-mall (aka New Bee) before 2019-10-23 allows search?goodsCategoryId=&keyword= SQL Injection.